Expert Advice Community

Guest

The structure for contracts and regulations

Guest user. Created: Oct 10, 2018. Last commented: Oct 10, 2018


1 - Appendix 2: List of legal regulations, contractual and other obligations

Expert: Rhand Leal, Oct 10, 2018

Can you please send me a filled-in example document? I really don't know what the content of this document should be. I understand the "stakeholders" but don't understand the demands.

Answer: The demands are the clauses that define information security requirements. An example for a law is:
Requirement: "... a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards..."
Document stipulating the requirement: Art. 46 GDPR (General Data Protection Regulation), paragraph 1.
Person responsible for compliance: CISO
Deadlines: 25 May 2018
Interested parties: Customers

The structure is the same for contracts and regulations.

2 - Is it a big list?

Answer: The number of legal requirements will depend on your organization's context (e.g., the financial industry is highly regulated, so organizations in this sector will have many laws and regulations to comply with) and on the number of different contracts you have with customers and suppliers. I strongly suggest that you seek legal expert advice to identify such requirements.

3 - What would be the content besides legal obligations like the Personal Data Protection Act 2000 and the Data Breach Notification Requirement Act 2016? Please assist or inform me where I could find the additional information.

Answer: An example of an obligation other than laws and regulations would be contractual clauses related to service levels (impacting availability), or clauses specifically related to the protection of confidentiality.

These articles will provide you with further explanation about requirements identification:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
- How to integrate GDPR with ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-gdpr-with-iso-27001-free-webinar-on-demand/
